Setting up Trusted Entity

This permission only needs to be assigned once for all users of the console, CLI,
and REST
API. There are options for assigning this permission:

Using the IAM role fields that appear in the General info pane when the first user
starts creating the first channel.

This option is very convenient, but it requires that the console user have read/write
access on Amazon IAM, because that user will be sending a request to Amazon IAM to
set up
AWS Elemental MediaLive as a trusted entity with Amazon EC2 Systems Manager Parameter
(and, incidentally,
with Amazon S3 and AWS Elemental MediaStore, which are two other services that AWS
Elemental MediaLive
probably needs to access on your behalf).

To set up in this way, see Step 2: Set Up the Input. Remember that
only one user needs to perform this setup. Subsequent users can choose the existing
role.

By going into IAM and setting up AWS Elemental MediaLive as a trusted entity.

This option also requires access to Amazon IAM, but typically an administrator who
has
this access will perform this setup on behalf of all users, before the users start
using
the console.

Both these options result in the creation of a role and a role ARN that is shared
by all
users (in the AWS account) of the console, CLI, and REST API. The role is called
MediaLiveAccessRole and the ARN belongs to that role.